**** is not a valid win32 application...

Arianna

It was suggested that I post this problem here. Maybe one of you can
help me.


I'm about to rip my hair out.

I got a pop up the other day saying something about how Windows
Security Alerts detected some virus. Like an idiot, I clicked "OK"
without thinking. Now, I have a constant pop-up from some supposed
security alert center asking me to buy it. UNlike other rogue
anti-spyware viruses I've had, though, this one won't let me do
ANYTHING.

I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
Systemcare. It won't let me open anything .exe save for Internet
Explorer. I have tried running all of these in Safe Mode. This doesn't
work either. I have surfed the web and found numerous supposed
"fixes," but once I download them, I can't use them as the error
message pops up once again telling me that it's not a valid Win32
application. I've tried system restore, and it tells me that system
restore was shut off by the administrator.

Please someone help me. I don't want to have to completely redo
EVERYTHING if I don't have to.
Thanks in advance.
 
David H. Lipman

From: "Arianna"


| It was suggested that I post this problem here. Maybe one of you can
| help me.


| I'm about to rip my hair out.

| I got a pop up the other day saying something about how Windows
| Security Alerts detected some virus. Like an idiot, I clicked "OK"
| without thinking. Now, I have a constant pop-up from some supposed
| security alert center asking me to buy it. UNlike other rogue
| anti-spyware viruses I've had, though, this one won't let me do
| ANYTHING.

| I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
| Systemcare. It won't let me open anything .exe save for Internet
| Explorer. I have tried running all of these in Safe Mode. This doesn't
| work either. I have surfed the web and found numerous supposed
| "fixes," but once I download them, I can't use them as the error
| message pops up once again telling me that it's not a valid Win32
| application. I've tried system restore, and it tells me that system
| restore was shut off by the administrator.

| Please someone help me. I don't want to have to completely redo
| EVERYTHING if I don't have to.
| Thanks in advance.

Please download and execute Gmer on the affected computer...
http://www.gmer.net/#files

Close ALL applications and run a full scan.

If it doesn't like EXE files, rename the file to .COM
 
David H. Lipman

From: "Arianna"


| It was suggested that I post this problem here. Maybe one of you can
| help me.


| I'm about to rip my hair out.

| I got a pop up the other day saying something about how Windows
| Security Alerts detected some virus. Like an idiot, I clicked "OK"
| without thinking. Now, I have a constant pop-up from some supposed
| security alert center asking me to buy it. UNlike other rogue
| anti-spyware viruses I've had, though, this one won't let me do
| ANYTHING.

| I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
| Systemcare. It won't let me open anything .exe save for Internet
| Explorer. I have tried running all of these in Safe Mode. This doesn't
| work either. I have surfed the web and found numerous supposed
| "fixes," but once I download them, I can't use them as the error
| message pops up once again telling me that it's not a valid Win32
| application. I've tried system restore, and it tells me that system
| restore was shut off by the administrator.

| Please someone help me. I don't want to have to completely redo
| EVERYTHING if I don't have to.
| Thanks in advance.

Arianna:

Please ignore the fake MS MVP and malicious person known as "The Real Truth" (aka
PCBUTTS1).
The software he is promoting is malicious and will block reputable web sites and
deliberately corrupt Malwarebytes' anti-malware amongst other things.
 
Char Jackson

| It was suggested that I post this problem here. Maybe one of you can
| help me.

| I'm about to rip my hair out.

| I got a pop up the other day saying something about how Windows
| Security Alerts detected some virus. Like an idiot, I clicked "OK"
| without thinking. Now, I have a constant pop-up from some supposed
| security alert center asking me to buy it. UNlike other rogue
| anti-spyware viruses I've had, though, this one won't let me do
| ANYTHING.

| I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
| Systemcare. It won't let me open anything .exe save for Internet
| Explorer. I have tried running all of these in Safe Mode. This doesn't
| work either. I have surfed the web and found numerous supposed
| "fixes," but once I download them, I can't use them as the error
| message pops up once again telling me that it's not a valid Win32
| application. I've tried system restore, and it tells me that system
| restore was shut off by the administrator.

| Please someone help me. I don't want to have to completely redo
| EVERYTHING if I don't have to.
| Thanks in advance.

I think my wife just ran across the same kind of site. When she
clicked a link to a page that she wanted to see, a dialog box popped
up telling her that her computer is at risk. There is only an OK
button, so she clicked it, allowing the rest of the page to load.
Instead of getting the content that she expected, the page looked like
Windows Explorer down to the last detail, with the common tasks on the
left side and the drives shown in the center of the screen, and when
it finished loading it said that X viruses (different number for each
drive) were found on the respective drives. Lastly, it presents a
download dialog box, offering to let you download an .exe that will
remove everything and get you back in business. The .exe is named
"setup_build7_201.exe"

All in all, I thought it was fairly well done, and had to look twice
before advising my wife to exit without downloading or running
anything from that page. I don't _think_ she got infected by anything,
but we're running scans now. MBAM first, then SAS. NOD32 is resident
and active, and Gmer is standing by.

An example can be found here:
hxxp://thephotoessay.com/chiyin/_notes/t/?5=pacquiao-vs-cotto

Sometimes the page loads with a harmless looking list of CNN news
articles, while other times it loads as described above.
 
FromTheRafters

| I think my wife just ran across the same kind of site. When she
| clicked a link to a page that she wanted to see, a dialog box popped
| up telling her that her computer is at risk. There is only an OK
| button, so she clicked it, allowing the rest of the page to load.
| Instead of getting the content that she expected, the page looked like
| Windows Explorer down to the last detail, with the common tasks on the
| left side and the drives shown in the center of the screen, and when
| it finished loading it said that X viruses (different number for each
| drive) were found on the respective drives. Lastly, it presents a
| download dialog box, offering to let you download an .exe that will
| remove everything and get you back in business. The .exe is named
| "setup_build7_201.exe"

| All in all, I thought it was fairly well done, and had to look twice
| before advising my wife to exit without downloading or running
| anything from that page. I don't _think_ she got infected by anything,
| but we're running scans now. MBAM first, then SAS. NOD32 is resident
| and active, and Gmer is standing by.

Sometimes, in addition to the social engineering aspect, there are
software exploits attempted. That first click may have been enough to
infest, so it is a good thing to have those tools at hand.

[...]
 
Leythos

| Use my Remove-it software, it will remove that malware from your system.
| Choose yes for all options when prompted. Download it here

PCBUTTS1, you've exposed yourself as the PIRATE/THIEF we all have said
you are.

You've been clearly exposed as a thief when you pirated code containing
a special marker entered by the real author, the file named
"obatssrsghde.exe" was a marker inserted into Stuart's batch file you
stole from him, it was a KEY that proves you're a thief:

For those that don't know, Stuart inserted the obatssrsghde.exe marker
into his batch file to prove, to the community, that PCBUTTS1 / The Real
Truth MVP is actually a lying thief, and PCBUTTS admitted in his own
post that he created the marker and claimed to know what it was - even
claimed to have submitted the malware to anti-virus vendors, but the
joke was on him, Stuart told everyone in the community about it BEFORE
it appeared in PCBUTTS1's download.... There is no actual file named
obatssrsghde.exe in the malware community, it was a ruse.

The key is in the spelling (shifted one character):

obatssrsghde.exe
pcbuttsthief

If you change (add) 1 character to each letter you will see that
"obatssrsghde" is actually the marker "pcbuttsthief" - proving that
PCBUTTS1 is a thief.

Are there other markers - YES, does PCBUTTS1 know about them - no,
they've been there for a long time, but this is the most obvious one.

Face it Chris/PCBUTTS1/TRT, you've exposed yourself in public.
 
Char Jackson

| | I think my wife just ran across the same kind of site. When she
| | clicked a link to a page that she wanted to see, a dialog box popped
| | up telling her that her computer is at risk. There is only an OK
| | button, so she clicked it, allowing the rest of the page to load.
| | Instead of getting the content that she expected, the page looked like
| | Windows Explorer down to the last detail, with the common tasks on the
| | left side and the drives shown in the center of the screen, and when
| | it finished loading it said that X viruses (different number for each
| | drive) were found on the respective drives. Lastly, it presents a
| | download dialog box, offering to let you download an .exe that will
| | remove everything and get you back in business. The .exe is named
| | "setup_build7_201.exe"

| | All in all, I thought it was fairly well done, and had to look twice
| | before advising my wife to exit without downloading or running
| | anything from that page. I don't _think_ she got infected by anything,
| | but we're running scans now. MBAM first, then SAS. NOD32 is resident
| | and active, and Gmer is standing by.

| Sometimes, in addition to the social engineering aspect, there are
| software exploits attempted. That first click may have been enough to
| infest, so it is a good thing to have those tools at hand.

| [...]

Cool, thanks. Here's another link that appears to do what I described
earlier, in case people are interested in seeing how it works. By
changing the http to hxxp, my newsreader may allow the URL to wrap.

<hxxp://windowsprotection-zone.com/?p=WKmimHVmaGqHjsbIo22EfYCIt1POo22dU9LXoKitioaLw8ydb5aYen5arK3NapmXZWSSaJRxmWGXVqXUltTZyG5nWKrYnpRrZ2ZsaGxsbW%2BHkMej>
 
Ben

Arianna:
If I were you I would not believe anything David says. It is well known in
these groups that he and The real Truth do not like each other. Because of
that he will steer you in the wrong direction and do just about anything to
keep you from using anything from the MVP's website. I used the Removeit
software and it did appear to fix my issues but everyone including David
kept saying that my system is really screwed up now. I believed them and
reformatted my system. I then sent a copy of that removeit software to
various anti virus companies for analysis and they told me it was clean and
will not harm my system. I reported my findings to The Real Truth and he
sent me a long history of the feud he has been having with people in
this group. He also sent me copies from other users who have used his stuff
and are still running fine to this day, I have emailed them to verify. The
purpose of this group is to help and not flame each other. The Real Truth is
always here helping but everyone else is here to flame him. I wasted 4 hours
formatting my system when I did not have to and I don't care what other
response I will get from this post but the Removeit software from
www.ms-mvp.org is NOT malicious and will NOT hurt your system. Anyone who
says otherwise is lying.
 
Leythos

| Arianna:
| If I were you I would not believe anything David says. It is well known in
| these groups that he and The real Truth do not like each other. Because of
| that he will steer you in the wrong direction and do just about anything to
| keep you from using anything from the MVP's website.

Arianna, Ben is a sock - meaning that PCBUTTS (TheRealTruth) has created
alternative personas (like Ben) at least 30 times in the last few years
to post fake support for himself.

The fact remains that not a single honorable or ethical person will
advise you to visit PCBUTTS (TheRealTruth) site because it has hosted
countless filthy and nasty pornographic images that he placed there to
attack respected members of the anti-malware community, and he's been
exposed many times hosting stolen code from other authors where he
removes their names and inserts his own in order to take credit for the
works.

You will also find that the entire honorable and ethical anti-Malware
community supports and trusts David Lipman.
 
FromTheRafters

Ben said:
| Arianna:
| If I were you I would not believe anything David says. It is well
| known in these groups that he and The real Truth do not like each
| other. Because of that he will steer you in the wrong direction and do
| just about anything to keep you from using anything from the MVP's
| website. I used the Removeit software and it did appear to fix my
| issues but everyone including David kept saying that my system is
| really screwed up now. I believed them and reformatted my system. I
| then sent a copy of that removeit software to various anti virus
| companies for analysis and they told me it was clean and will not harm
| my system. I reported my findings to The Real Truth and he sent
| me a long history of the feud he has been having with people in this
| group. He also sent me copies from other users who have used his stuff
| and are still running fine to this day, I have emailed them to verify.
| The purpose of this group is to help and not flame each other. The Real
| Truth is always here helping but everyone else is here to flame him. I
| wasted 4 hours formatting my system when I did not have to and I
| don't care what other response I will get from this post but the
| Removeit software from www.ms-mvp.org is NOT malicious and will NOT
| hurt your system. Anyone who says otherwise is lying.

PC Butts' program might not actually be malicious by most people's
definitions, but PC Butts *is* a liar and a thief. This has been proven
to the complete satisfaction of any thinking person in these groups by
the exposure of one of the markers the *real* author of the stolen
software put in the software. On the other hand, David H. Lipman has a
good reputation of helping people here. In fact, warning people away
from PC Butts *is* helping people to avoid problems in malware removal.
 
FromTheRafters

| Cool, thanks. Here's another link that appears to do what I described
| earlier, in case people are interested in seeing how it works. By
| changing the http to hxxp, my newsreader may allow the URL to wrap.

| <hxxp://windowsprotection-zone.com/?p=WKmimHVmaGqHjsbIo22EfYCIt1POo22dU9LXoKitioaLw8ydb5aYen5arK3NapmXZWSSaJRxmWGXVqXUltTZyG5nWKrYnpRrZ2ZsaGxsbW%2BHkMej>

I'm sure someone will download that and marvel at how long it takes AV
scanners at VT to recognize and identify it.
 
Rhonda Lea Kirk Fries

Ben said:
| Arianna:
| If I were you I would not believe anything David says. It is well
| known in these groups that he and The real Truth do not like each
| other. Because of that he will steer you in the wrong direction and
| do just about anything to keep you from using anything from the MVP's
| website. I used the Removeit software and it did appear to fix my
| issues but everyone including David kept saying that my system is
| really screwed up now. I believed them and reformatted my system. I
| then sent a copy of that removeit software to various anti virus
| companies for analysis and they told me it was clean and will not
| harm my system. I reported my findings to The Real Truth and he
| sent me a long history of the feud he has been having with people in
| this group. He also sent me copies from other users who have used his
| stuff and are still running fine to this day, I have emailed them to
| verify. The purpose of this group is to help and not flame each other.
| The Real Truth is always here helping but everyone else is here to
| flame him. I wasted 4 hours formatting my system when I did not have
| to and I don't care what other response I will get from this post
| but the Removeit software from www.ms-mvp.org is NOT malicious and
| will NOT hurt your system. Anyone who says otherwise is lying.

Has there ever been anyone in the history of usenet who does/has done so
poor a job of socking up as Christopher Butts?
 
ASCII

Char said:
| Cool, thanks. Here's another link that appears to do what I described
| earlier, in case people are interested in seeing how it works.

See how it works and retain the ability to delete the whole mess;
http://www.sandboxie.com/

| By changing the http to hxxp, my newsreader may allow the URL to wrap.

| <hxxp://windowsprotection-zone.com/?p=WKmimHVmaGqHjsbIo22EfYCIt1POo22dU9LXoKitioaLw8ydb5aYen5arK3NapmXZWSSaJRxmWGXVqXUltTZyG5nWKrYnpRrZ2ZsaGxsbW%2BHkMej>

When you get sandboxie installed, try the URL this way, without the
wrapping issues; http://tinyurl.com/m4sbas

If you decide to run it outside of a sandbox (virtual zone) you might
want to have this handy http://ddhomepage.tripod.com/appswat.html
 
